
Nextcloud 安装备注

安装

待补充。

docker 方式安装

docker-compose.yml
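version: '3'

# Nextcloud (php-fpm) + MariaDB + Redis + nginx + OnlyOffice Document Server.
#
# Database passwords are read from a .env file next to this compose file
# (keep it out of version control), e.g.:
#   MYSQL_ROOT_PASSWORD=<long random value>
#   MYSQL_PASSWORD=<long random value>
# `${VAR:?msg}` makes docker-compose abort when a variable is missing instead
# of starting the database with an empty or guessable password.

services:
  db:
    # NOTE(review): `latest` is a floating tag; pin a specific MariaDB version
    # so that pulling a new image cannot silently change the database version.
    image: mariadb:latest
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      # Replaces MYSQL_ALLOW_EMPTY_PASSWORD=yes, which left the MariaDB root
      # account without a password for every container on the `nextcloud`
      # network. The image applies these values only when the `db` volume is
      # first initialised; an existing database keeps its current passwords.
      - 'MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in .env}'
      - 'MYSQL_PASSWORD=${MYSQL_PASSWORD:?set MYSQL_PASSWORD in .env}'
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    networks:
      - nextcloud

  redis:
    # No port is published: Redis is reachable only from containers attached
    # to the `nextcloud` network, and it runs without authentication there.
    image: redis:alpine
    restart: always
    volumes:
      - redis_data:/data
    networks:
      - nextcloud

  app:
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      # Must match the value given to the `db` service.
      - 'MYSQL_PASSWORD=${MYSQL_PASSWORD:?set MYSQL_PASSWORD in .env}'
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    depends_on:
      - db
      - redis
    networks:
      - nextcloud

  cron:
    # Same image and data volume as `app`; only runs the background job loop.
    image: nextcloud:fpm-alpine
    restart: always
    volumes:
      - nextcloud:/var/www/html
    entrypoint: /cron.sh
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      - 'MYSQL_PASSWORD=${MYSQL_PASSWORD:?set MYSQL_PASSWORD in .env}'
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    depends_on:
      - db
      - redis
    networks:
      - nextcloud

  web:
    image: nginx:alpine
    restart: always
    ports:
      # Plain HTTP, published on every host interface. Put a TLS-terminating
      # reverse proxy in front before exposing this beyond a trusted network.
      - '80:80'
    volumes:
      # Read-only: nginx only serves static files from the Nextcloud tree.
      - nextcloud:/var/www/html:ro
      - nginx_conf:/etc/nginx/conf.d
    depends_on:
      - app
    networks:
      - nextcloud

  onlyoffice:
    # NOTE(review): floating tag, see the note on `db`.
    image: onlyoffice/documentserver:latest
    restart: always
    ports:
      # NOTE(review): exposes the Document Server directly over plain HTTP.
      # Unless request signing is enabled (JWT_ENABLED / JWT_SECRET in this
      # image, with the same secret set in the Nextcloud connector), any
      # client that can reach this port can use the server. Confirm the
      # default for the image version in use.
      - '8088:80'
    volumes:
      - onlyoffice_data:/var/www/onlyoffice/Data
      - onlyoffice_etc:/etc/onlyoffice
      - onlyoffice_fonts:/usr/share/fonts/truetype/custom
      - onlyoffice_lib:/var/lib/onlyoffice
      - onlyoffice_db:/var/lib/postgresql
      - onlyoffice_log:/var/log/onlyoffice
    networks:
      - nextcloud

volumes:
  nextcloud:
  db:
  nginx_conf:
  redis_data:
  onlyoffice_data:
  onlyoffice_etc:
  onlyoffice_fonts:
  onlyoffice_lib:
  onlyoffice_db:
  onlyoffice_log:

networks:
  nextcloud: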

其他

Nextcloud 与 Onlyoffice 集成:

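当 OnlyOffice 使用自签名 SSL 证书时,Nextcloud 连接 OnlyOffice 会因证书校验失败而报错。临时解决办法是关闭证书验证。注意: 关闭后 Nextcloud 不再校验 OnlyOffice 服务器的身份,该连接可能被中间人冒充; 更稳妥的做法是让 Nextcloud 容器信任这张自签名证书,或改用受信任 CA 签发的证书。关闭验证的配置如下: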

在 config/config.php 文件中加上

  // Turns off TLS certificate verification for Nextcloud -> OnlyOffice
  // requests. The self-signed certificate is then accepted, but so is any
  // other certificate, so the Document Server is no longer authenticated on
  // this connection. Treat it as a stop-gap until the certificate is trusted.
  'onlyoffice' =>
  array (
    'verify_peer_off' => TRUE,
  ),

参考: https://github.com/ONLYOFFICE/onlyoffice-owncloud/issues/172

docker 方式安装 (2020-12-28)

更新:

docker-compose.yml
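version: '3'

# Nextcloud 20 (php-fpm) + MariaDB + Redis + nginx + OnlyOffice 6.1.
#
# Database passwords are read from a .env file next to this compose file
# (keep it out of version control), e.g.:
#   MYSQL_ROOT_PASSWORD=<long random value>
#   MYSQL_PASSWORD=<long random value>
# `${VAR:?msg}` makes docker-compose abort when a variable is missing instead
# of starting the database with an empty or guessable password.

services:
  db:
    # NOTE(review): `latest` is a floating tag; pin a specific MariaDB version
    # (the app and OnlyOffice images in this file are already pinned).
    image: mariadb:latest
    command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
    restart: always
    volumes:
      - db:/var/lib/mysql
    environment:
      # Replaces MYSQL_ALLOW_EMPTY_PASSWORD=yes, which left the MariaDB root
      # account without a password for every container on the `nextcloud`
      # network. The image applies these values only when the `db` volume is
      # first initialised; an existing database keeps its current passwords.
      - 'MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in .env}'
      - 'MYSQL_PASSWORD=${MYSQL_PASSWORD:?set MYSQL_PASSWORD in .env}'
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    networks:
      - nextcloud

  redis:
    # No port is published: Redis is reachable only from containers attached
    # to the `nextcloud` network, and it runs without authentication there.
    image: redis:alpine
    restart: always
    volumes:
      - redis_data:/data
    networks:
      - nextcloud

  app:
    image: nextcloud:20-fpm-alpine
    restart: always
    volumes:
      - nextcloud_data:/var/www/html
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      # Must match the value given to the `db` service.
      - 'MYSQL_PASSWORD=${MYSQL_PASSWORD:?set MYSQL_PASSWORD in .env}'
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    depends_on:
      - db
      - redis
    networks:
      - nextcloud

  cron:
    # Same image and data volume as `app`; only runs the background job loop.
    image: nextcloud:20-fpm-alpine
    restart: always
    volumes:
      - nextcloud_data:/var/www/html
    entrypoint: /cron.sh
    environment:
      - MYSQL_HOST=db
      - REDIS_HOST=redis
      - 'MYSQL_PASSWORD=${MYSQL_PASSWORD:?set MYSQL_PASSWORD in .env}'
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nextcloud
    depends_on:
      - db
      - redis
    networks:
      - nextcloud

  web:
    image: nginx:alpine
    restart: always
    ports:
      # NOTE(review): published on every host interface over plain HTTP.
      # nginx-nextcloud.conf sets `fastcgi_param HTTPS on` unconditionally, so
      # requests that arrive directly on this port are reported to Nextcloud
      # as HTTPS even though they are not. If the TLS proxy runs on this
      # host, bind to loopback ('127.0.0.1:8080:80') or drop the mapping once
      # the proxy network below is used.
      - '8080:80'
    volumes:
      - nextcloud_data:/var/www/html:ro
      # - nginx_conf:/etc/nginx/conf.d
      - ./nginx-nextcloud.conf:/etc/nginx/conf.d/default.conf:ro
    depends_on:
      - app
    networks:
      - nextcloud
    #   - proxy-net
    # environment:
    #   - VIRTUAL_HOST=cloud.example.com
    #   - VIRTUAL_PORT=80
    #   - SSL_POLICY=Mozilla-Modern

  onlyoffice:
    image: onlyoffice/documentserver:6.1
    restart: always
    ports:
      # NOTE(review): exposes the Document Server directly over plain HTTP.
      # Unless request signing is enabled (JWT_ENABLED / JWT_SECRET in this
      # image, with the same secret set in the Nextcloud connector), any
      # client that can reach this port can use the server. Confirm the
      # default for this image version.
      - '8088:80'
    volumes:
      - onlyoffice_data:/var/www/onlyoffice/Data
      - onlyoffice_log:/var/log/onlyoffice
      - onlyoffice_fonts:/usr/share/fonts/truetype/custom
      - onlyoffice_lib:/var/lib/onlyoffice
      - onlyoffice_db:/var/lib/postgresql
      - onlyoffice_redis:/var/lib/redis
      - onlyoffice_rabbitmq:/var/lib/rabbitmq
    networks:
      - nextcloud
    #   - proxy-net
    # environment:
    #   - VIRTUAL_HOST=office.example.com
    #   - VIRTUAL_PORT=80
    #   - SSL_POLICY=Mozilla-Modern

volumes:
  nextcloud_data:
  db:
  # nginx_conf:
  redis_data:
  onlyoffice_data:
  onlyoffice_log:
  onlyoffice_fonts:
  onlyoffice_lib:
  onlyoffice_db:
  onlyoffice_redis:
  onlyoffice_rabbitmq:

networks:
  nextcloud:
  # proxy-net:
  #   external: true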

nginx config 文件。参考: https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf

nginx-nextcloud.conf
# copy from https://github.com/nextcloud/docker/blob/master/.examples/docker-compose/with-nginx-proxy/mariadb-cron-redis/fpm/web/nginx.conf
 
 
# FastCGI backend: the `app` host on port 9000, referenced below through
# `fastcgi_pass php-handler`.
upstream php-handler {
    server app:9000;
}
 
# Front end for Nextcloud: serves static files from /var/www/html and hands
# the whitelisted PHP entry points to the php-handler upstream. Listens on
# plain HTTP only; TLS is expected to be terminated by a proxy in front of it.
server {
    listen 80;

    # Security headers for every response. nginx inherits add_header from this
    # level only into locations that declare no add_header of their own, which
    # is why the static-asset location further down repeats the whole set.
    add_header Referrer-Policy "no-referrer" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Permitted-Cross-Domain-Policies "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Remove X-Powered-By, which is an information leak
    fastcgi_hide_header X-Powered-By;

    root /var/www/html;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }


    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    # The following rule is only needed for the Social app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;

    # CalDAV/CardDAV service discovery.
    # NOTE(review): the target is built from $scheme and $server_port as seen
    # by this listener (http, port 80). Behind a TLS proxy or a remapped
    # published port the Location header may therefore point clients at the
    # wrong scheme or port; verify what DAV clients actually receive.
    location = /.well-known/carddav {
        return 301 $scheme://$host:$server_port/remote.php/dav;
    }

    location = /.well-known/caldav {
        return 301 $scheme://$host:$server_port/remote.php/dav;
    }



    # set max upload size
    client_max_body_size 10G;
    fastcgi_buffers 64 4K;

    # Enable gzip but do not remove ETag headers
    gzip on;
    gzip_vary on;
    gzip_comp_level 4;
    gzip_min_length 256;
    gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;


    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    # Anything not matched by a more specific location goes to the front
    # controller.
    location / {
        rewrite ^ /index.php;
    }

    # Deny web access to internal directories (including config and data) and
    # to dotfiles and maintenance scripts; these must stay above the PHP block.
    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
        deny all;
    }
    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

    # Only the PHP entry points listed in this pattern are passed to FastCGI;
    # other .php paths never reach the interpreter through this location.
    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
        set $path_info $fastcgi_path_info;
        # Reject requests whose script file does not exist before handing
        # them to the backend.
        try_files $fastcgi_script_name =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $path_info;

        # HTTPS must be forced on because the TLS proxy talks plain HTTP to
        # this listener.
        # NOTE(review): the flag is unconditional, so a request that reaches
        # this listener directly over plain HTTP (for example through a
        # published container port) is also reported to PHP as HTTPS. Make
        # sure only the TLS proxy can reach this port.
        fastcgi_param HTTPS on;

        # Avoid sending the security headers twice
        fastcgi_param modHeadersAvailable true;

        # Enable pretty urls
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
        try_files $uri/ =404;
        index index.php;
    }


    # Adding the cache control header for js, css and map files
    # Make sure it is BELOW the PHP block
    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
        try_files $uri /index.php$request_uri;
        add_header Cache-Control "public, max-age=15778463";

        # Repeated here because the Cache-Control add_header above stops the
        # server-level headers from being inherited into this location.
        add_header Referrer-Policy "no-referrer" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Download-Options "noopen" always;
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-Permitted-Cross-Domain-Policies "none" always;
        add_header X-Robots-Tag "none" always;
        add_header X-XSS-Protection "1; mode=block" always;

        # Optional: Don't log access to assets
        access_log off;
    }

    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
        try_files $uri /index.php$request_uri;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

集成 OnlyOffice

国内网络有时刷不出应用商店,此时可以进 app 的 docker 内进行手动下载:

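# Run inside the `app` container: install the OnlyOffice connector by hand
# when the app store cannot be reached.
# Steps are chained with && so a failed or partial download is never unpacked.
cd /var/www/html/custom_apps &&
  wget https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v6.2.0/onlyoffice.tar.gz &&
  sha256sum onlyoffice.tar.gz
# Compare the printed hash with a checksum obtained from a trusted source
# before unpacking: the archive becomes PHP code that Nextcloud executes.
tar zxf onlyoffice.tar.gz &&
  chown -R www-data onlyoffice &&
  rm onlyoffice.tar.gz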

配置:

  1. 文档编辑服务地址: 需要填容器外部可访问的 onlyoffice 服务器地址
  2. 用于服务器内部访问的文档编辑服务器的地址: 选填,容器内部可访问的地址,如果用上面的 docker-compose 配置,可填 http://onlyoffice/
  3. 用于文档编辑服务内部请求的服务器的地址: 选填,容器内部可访问的地址,如果用上面的 docker-compose 配置,可填 http://web/

如果填了上面第 2、3 项这两个内部地址,保存时会报错,需要修改 Nextcloud 的配置: 允许访问本地网络内的服务器,并增加可信域名。

# vi /var/www/html/config/config.php
# 增加
 
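# Allow requests to servers on local/private networks. Needed here because the
# internal OnlyOffice addresses (http://onlyoffice/, http://web/) resolve to
# container-internal IPs. The setting applies to every Nextcloud feature that
# fetches remote URLs, not only to OnlyOffice, so it weakens the protection
# against server-side requests to internal hosts; enable it only when the
# internal addresses are actually used.
'allow_local_remote_servers' => true,
# Add 'web' to the trusted_domains array that already exists in config.php
# (keep the entries that are there and use the next free index). It allows
# Nextcloud to be reached under that host name, which the OnlyOffice container
# uses for http://web/.
'trusted_domains' =>
array (
  # 0 => existing entry, unchanged
  1 => 'web',
),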